Between black and white: the state of grayware on the PC

Grayware claims to offer a useful service, but unwanted software tags along …

The rise of sneaky software

In the old days, as our parents frequently love to remind us, life was much simpler. You bought a computer, and when you finally figured out what you wanted to do with it, you assembled a list and went down to your local Egghead for some software. It was straightforward, if time-consuming.

All this changed when personal computers started hooking up to the Internet. Suddenly, software authors could deliver their wares to people all over the world, quickly, with negligible distribution cost. Unfortunately, reliable methods of payment hadn't quite been figured out yet, and most Internet users expected to download software for free. In the heady days of the dot com boom, many software companies were happy enough to give out free software and trust that the money would somehow arrive later, magically (some, like the authors of WinAmp, would live to see this happen when their company was bought by America Online). Other companies released trial or demo copies of their software which could be unlocked for a fee.

Still other organizations decided that the best way to make money from free software was to be sneaky—give away something for free that appeared to do something useful but, in the background, do something tricky that would generate revenue for the software's authors. This sneaky something could be displaying ads that the user did not request, hijacking a web browser's start page or search engine, or scanning the user's personal surfing habits and selling the results to the highest bidder.

Malware was born.

From malware to grayware

At first, this category of software was called malware, a contraction of "malicious software," to distinguish it from the age-old viruses and trojans that had been around since Elk Cloner first cheekily copied itself to Apple ][ users' floppy disks in 1982. Anti-virus software was slow to recognize the presence of this type of malware, and it was up to other companies to produce utilities to clean it up. Back in 2004 (remember when that seemed like such a futuristic year?), Ars published a comprehensive guide to malware and how to remove it. The guide noted that there were five major types of malware:

Adware: programs that displayed ads that the user did not want

Spyware: programs that sniffed out the user's surfing habits

Hijackers: programs that changed elements of the user's browser

Toolbars: programs that added themselves to the user's browser to perform adware, spyware, or hijacking tasks

Dialers: programs that used a dial-up modem to call 1-900 numbers and make someone else a lot of money

Four years later, things have changed. Anti-virus companies have grown wise to the threat of these types of software, and the term "malware" is now commonly used to describe all types of malicious software: self-replicating viruses, network-aware worms, attractive but deadly trojans, as well as programs that spew unwanted ads or that spy on the user. A new term was required to distinguish between programs that were purely malicious and those that offered some service but secretly did something else.

The new term was grayware, an apt description given the legal gray area these programs inhabit. Living in a fuzzy zone between pure maliciousness and genuine utility, grayware continues to thrive, and like the fuzzy mold from a science fiction novel, it is growing at an alarming rate.

At times, the terms get even more fuzzy, because grayware "vendors" (who still try to maintain an air of legitimacy) are not above using trojans and viruses in order to force the installation of their software against the user's will. There are four main vectors of attack that grayware companies use:

Offer the program as a useful utility that is a free download

Tell the user that they have to download the grayware program (often a browser plug-in) in order to view a web site

Bundle the grayware application with another "free" program that users might want (this is common with P2P apps)

Attempt to "force-feed" the installation of the grayware via an exploit of the user's web browser

It is the latter technique that blurs the line between grayware and traditional malicious software, and it is only this method that can be thwarted by keeping one's computer up-to-date with all the latest security patches. The other three methods are user-initiated, and as such, are not preventable by technological means.

Collectively, grayware (adware, spyware, and dialers) now comprises 38.1 percent of all malicious software, according to the most recent report from Panda Labs, a computer security research firm. Due to the rapidly-declining installed base of dial-up modem users, the percentage of "rogue dialers" continues to shrink, but other forms of grayware are flourishing.